WordPress Vulnerability Daily Update

Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

July 5, 2024

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-37489 | WordPress Plugin Vulnerability Report

July 4, 2024

Posted in Security, Vulnerabilities

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

Read about this Latest WordPress Vulnerability

Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

July 4, 2024

Posted in Security, Vulnerabilities

Plugin name: Ninja Forms – The Contact Form Builder That Grows With You Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

July 2, 2024

Posted in Security, Vulnerabilities

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

July 2, 2024

Posted in Security, Vulnerabilities

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

July 1, 2024

Posted in Security, Vulnerabilities

Plugin name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000…

Read about this Latest WordPress Vulnerability

ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads:…

Read about this Latest WordPress Vulnerability

SiteGuard WP Plugin Vulnerability – Login Page Disclosure – CVE-2024-37881 | WordPress Plugin Vulnerability Report

June 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: SiteGuard WP Plugin Key Information: Software Type: Plugin Software Slug: siteguard Software Status: Active Software Author: jp-secure Software…

Read about this Latest WordPress Vulnerability

Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report

June 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads:…

Read about this Latest WordPress Vulnerability

Solid Security – Password, Two Factor Authentication, and Brute Force Protection Vulnerability – IP Address Spoofing to Denial of Service – CVE-2022-44593 | WordPress Plugin Vulnerability Report

June 20, 2024

Posted in Security, Vulnerabilities

Plugin Name: Solid Security – Password, Two Factor Authentication, and Brute Force Protection Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-37489 | WordPress Plugin Vulnerability Report

Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report

File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report

Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report

Solid Security – Password, Two Factor Authentication, and Brute Force Protection Vulnerability – IP Address Spoofing to Denial of Service – CVE-2022-44593 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy